What the MFSA Document on ICT Risk and Cybersecurity Means

On January 28, 2021, the Malta Financial Services Authority (MFSA) issued the third instalment of The Nature and Art of Financial Supervision series. This document shifts gears to focus primarily on ICT risk and cybersecurity supervision. It first takes a more in-depth look at the background of both areas and then touches on the legal and regulatory provisions and functions for each.

NEW EXPECTATIONS

The document highlights the observations made on ICT risk and cybersecurity supervision and lays out the Authority's expectations for this cross-sectoral priority in 2021 and beyond. The MFSA states that it expects regulated entities to read this third instalment and take heed of the recommendations when and where applicable.

MFSA Chief Supervision Officer and Chief Executive Officer ad interim, Dr Christopher P. Buttigieg, commented that “ICT is crucial in all aspects of today’s world. The financial services sector is no exception. In 2020 the MFSA set up a cross-sectoral Supervisory ICT Risk and Cybersecurity function to address risks inherent to this area. Going forward, the Authority has designated ICT Risk and Cybersecurity as one of its priorities for 2021.”

WHO IT APPLIES TO

The new document applies to licensed entities including the following. This list is not exhaustive, and the document itself may be referenced for further assessment:

● Financial Institutions

● Credit Institutions

● Investment Services

● Pension Service Providers

● Retirement Pension Schemes

● Trading Venues

● Trustee and Other Fiduciaries

● Virtual Financial Assets

● Company Service Providers

● Central Securities Depositories

REGULATION PROPOSAL

The regulation proposal is laid out in the following four areas:

● ICT Risk Management — all financial institutions will be required to have a framework in place that is risk-based.

● Incident Reporting — communication will be enhanced.

● Digital Operational Resilience Testing — proportionate and resilient testing.

● Managing of ICT Third-Party Risk — more outsourcing, new oversight tools for supervisors.

● Information Sharing Arrangements — voluntary scheme to encourage communication about threats.

CONCLUSION

The MFSA plans to continue building on the foundational groundwork carried out in 2020. This document underlines the need to treat ICT Risk and Cybersecurity as primary focuses for 2021. More terms will be laid out as the year progresses, which will help to prioritize key risk areas within the industry. The MFSA plans to educate and carry out these initiatives with a broader awareness of all activities for stakeholders and companies alike. The Authority expects regulated entities to adhere to the content of this third volume. If those expectations are not met, corrective action will be taken when and where appropriate.

Originally published at https://www.vacancycentre.com.


Talent solutions you can trust. Unleash your professional career within Finance, Compliance and Technology.
